App Privacy Policies

VS Easy Product Bundles app icon

Privacy Policy

VS Easy Product Bundles — how we collect, use, and protect your data

Last updated: 9 July 2026

VS Easy Product Bundles ("the App") is a Shopify embedded app operated by Vedantara Solutions ("we", "us", or "our"). The App helps merchants create, publish, and sell product bundles — including fixed bundles and mix-and-match bundles with optional add-ons. It connects to your Shopify catalog, writes storefront configuration (metafields and metaobjects), registers a Cart Transform for checkout pricing, and reports bundle-attributed sales in the admin dashboard. This Privacy Policy describes what information we collect, how we use it, and your rights when you install or use the App. It applies only to this App — not to the Vedantara Solutions marketing website or our other products.

Shopify API Access (Permissions)

When you install the App, you approve Shopify API access scopes. We use only the permissions needed to operate the App:
  • Products (read & write) — read your catalog to build bundles; create and update bundle products in Shopify
  • Orders (read) — attribute bundle sales to analytics when orders are placed (commercial line data only)
  • Themes (read) — support theme app block setup on Online Store 2.0 themes
  • Cart transforms (read & write) — register and run checkout grouping so bundle pricing and components are correct
  • Publications (read & write) — publish bundle products to your sales channels
  • Metaobjects & metafield definitions (read & write) — store storefront bundle configuration your theme block reads
We request the minimum scopes required for these features. We do not request access to customer personal data beyond what Shopify includes in order webhooks needed for bundle attribution, and we do not access payment card data — Shopify Checkout handles all payments.

Information We Collect

From your Shopify store (via approved API access):
  • Shop details: domain, name, email, currency, country, and Shopify plan
  • Product and variant catalog data (IDs, titles, images, inventory references) to configure bundles
  • Theme information needed for app block placement
  • Publication and catalog status when publishing bundle products
  • Metafield and metaobject data written by the App for storefront bundle offers
For bundle analytics (from order webhooks, when enabled):
  • Shopify order and line-item identifiers
  • Commercial data: product references, quantities, prices, discounts, and currency
  • Bundle attribution references linked to order lines
  • Order display names (e.g. "#1001") for merchant-facing analytics lists
We do not routinely store your end-customers' names, email addresses, phone numbers, or shipping addresses. Analytics and plan-limit metering use order and line identifiers plus commercial amounts — not customer contact profiles.
From merchants using the App:
  • Bundle configurations you create (products, rules, pricing, publish status)
  • Subscription and billing status from Shopify (plan, charge status)
  • Support form submissions: contact email and message (when you contact us from the App)
  • Technical logs: IP address, browser, and usage data for security and troubleshooting
OAuth access tokens are stored securely so the App can call Shopify on your behalf while installed.

How We Use Information

We use collected information to:
  • Create, publish, update, and archive bundle products in your Shopify catalog
  • Sync storefront bundle snapshots (metafields/metaobjects) for the theme app block
  • Register and operate Shopify Cart Transform for checkout grouping and pricing
  • Attribute bundle revenue and show analytics in the admin dashboard
  • Enforce plan usage limits (e.g. bundle count and revenue caps on the Free plan)
  • Process app subscription billing through Shopify
  • Provide customer support and respond to your requests
  • Respond to Shopify mandatory privacy compliance webhooks
  • Maintain security, prevent abuse, and comply with legal obligations
We do not sell personal information, use store data for unrelated advertising, or use customer data for marketing outside operating the App for your store.

Sharing & Subprocessors

We do not sell personal information.
Shopify: Data is shared with Shopify as required for the App to function (catalog updates, metafields, cart transforms, billing, and webhooks).
Service providers: We use infrastructure providers (e.g. cloud hosting, database, email delivery) to run the App. They process data only on our instructions and under confidentiality obligations.
We may disclose information when required by law or to respond to valid legal requests.

Merchant & Customer Roles (GDPR / Privacy Laws)

Merchants are the data controller for their store and their customers' personal data.
We act as a data processor when handling store and order data on your instructions through app installation.
If a customer requests access to or deletion of their personal data, the merchant should handle the request per applicable law. Shopify sends mandatory compliance webhooks to the App:
  • customers/data_request — customer data access requests
  • customers/redact — customer data erasure requests
  • shop/redact — shop data erasure after uninstall (per Shopify's timeline)
We acknowledge and process these webhooks as required by Shopify's Partner Program and applicable privacy laws. Because the App stores limited end-customer personal data, most customer-related requests involve data held in Shopify Admin rather than in the App.
Merchants may contact us (see Contact Us below) for privacy questions or to exercise rights relating to data the App holds about their store.

Your Rights

If you're located in certain jurisdictions, including the EU, you have the right to access, update, or request deletion of your personal data by contacting us below.
You can also uninstall the App from your Shopify admin at any time. Your data may be processed or stored in countries outside your jurisdiction.

Data Retention

We retain data only as long as necessary to deliver the App and fulfill legal requirements. If you uninstall the App, you can request deletion of your data; we will delete or anonymize it in accordance with applicable law and Shopify's requirements.

Security

We use reasonable technical and organizational measures to protect data, including:
  • Encryption in transit (TLS/HTTPS)
  • Secure storage of Shopify access tokens
  • Webhook HMAC validation for Shopify callbacks
  • Access controls on production systems
No method of transmission over the Internet is completely secure. We work to safeguard the information we process.

International Transfers

Data may be processed or stored in countries other than your own, including where our hosting providers operate. We take steps appropriate to the nature of the data to protect it when transferred internationally.

Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will change when we do. Material changes may be communicated through the App or by email where appropriate. Continued use of the App after changes constitutes acceptance of the updated policy.

Contact Us

For any questions, requests, or concerns, please visit our Contact page.